loadbalancer/heat: use HTTP binding options when running SSL

Heat does not support TCP binding when running SSL termination. That means we need to make sure using HTTP is configured in HAproxy options when SSL is part of binding options, defined by the deployer. Closes-bug: #1467515 Change-Id: I621c2ee624d3d16394529daa4ca6c96ab1c7a067
2015-06-22 10:57:23 -04:00
parent 360ddfaae8
commit eba6f7446e
2 changed files with 20 additions and 10 deletions
--- a/manifests/loadbalancer.pp
+++ b/manifests/loadbalancer.pp
@@ -871,9 +871,12 @@ class cloud::loadbalancer(
    firewall_settings => $firewall_settings,
  }
  if 'ssl' in $heat_api_bind_options {
-    $heat_api_options = merge($common_tcp_options, {
+    $heat_api_options = {
      'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }',
-    })
+      'balance'        => 'source',
+      'timeout server' => $api_timeout,
+      'timeout client' => $api_timeout,
+    }
  } else {
    $heat_api_options = $common_tcp_options
  }
@@ -885,9 +888,12 @@ class cloud::loadbalancer(
    firewall_settings => $firewall_settings,
  }
  if 'ssl' in $heat_cfn_bind_options {
-    $heat_cfn_options = merge($common_tcp_options, {
+    $heat_cfn_options = {
      'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }',
-    })
+      'balance'        => 'source',
+      'timeout server' => $api_timeout,
+      'timeout client' => $api_timeout,
+    }
  } else {
    $heat_cfn_options = $common_tcp_options
  }
@@ -899,9 +905,12 @@ class cloud::loadbalancer(
    firewall_settings => $firewall_settings,
  }
  if 'ssl' in $heat_cloudwatch_bind_options {
-    $heat_cloudwatch_options = merge($common_tcp_options, {
+    $heat_cloudwatch_options = {
      'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }',
-    })
+      'balance'        => 'source',
+      'timeout server' => $api_timeout,
+      'timeout client' => $api_timeout,
+    }
  } else {
    $heat_cloudwatch_options = $common_tcp_options
  }
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ b/spec/classes/cloud_loadbalancer_spec.rb
@@ -527,12 +527,13 @@ describe 'cloud::loadbalancer' do
        :ipaddress => [params[:vip_public_ip]],
        :ports     => '8004',
        :options   => {
-          'mode'           => 'tcp',
-          'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }',
+          'mode'           => 'http',
          'balance'        => 'source',
-          'option'         => ['tcpka', 'tcplog', 'forwardfor'],
+          'option'         => ['tcpka', 'forwardfor', 'tcplog', 'httpchk'],
+          'reqadd'         => 'X-Forwarded-Proto:\ https if { ssl_fc }',
          'timeout server' => '90m',
-          'timeout client' => '90m'
+          'timeout client' => '90m',
+          'http-check'     => 'expect ! rstatus ^5',
        },
        :bind_options => ['ssl', 'crt']
      )}